一、简介
KubeSphere 是在 Kubernetes 之上构建的以应用为中心的多租户容器平台,提供全栈的 IT 自动化运维的能力,简化企业的 DevOps 工作流。KubeSphere 提供了 运维友好的向导式操作界面,帮助企业快速构建一个强大和功能丰富的容器云平台,包括 Kubernetes 资源管理、DevOps (CI/CD)、应用生命周期管理、微服务治理 (Service Mesh)、多租户管理、监控日志、告警通知、存储与网络管理、GPU support 等功能,未来还将提供 多集群管理、Network Policy、镜像仓库管理 等功能。KubeSphere 愿景是打造一个基于 Kubernetes 的云原生分布式操作系统,它的架构可以很方便地与云原生生态系统进行即插即用(plug-and-play)的集成。
二、 环境信息
两台机器,一台用于下载安装包,一台用于部署
role | IP | hostname | desc |
---|---|---|---|
packer | 192.168.1.100 | packer | 可联网下载软件包 |
master、worker、registry | 192.168.1.101 | k8s | 主节点、工作节点、镜像仓库(registry),离线节点 |
三、部署步骤
-
在联网的机器上下载所需文件
-
使用国内yum镜像源
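# Use a domestic (China) yum mirror. Packer host only — it is the one with
# internet access. `-f` makes curl fail on an HTTP error instead of saving the
# error page as the repo file.
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
sudo curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop the intranet-only mirror hosts, which are unreachable from outside Aliyun.
sudo sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
sudo yum clean all
sudo yum makecache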
online 下载yum安装的一些工具,以便捷安装docker,单独保存到online目录下,离线集群可不安装此目录下的包
# Fetch (do not install) the yum helpers needed to add the Docker repo later.
# They go to a separate "online" directory: the offline cluster node does not need them.
sudo yum install --downloadonly --downloaddir=/opt/software/package/online -y yum-utils device-mapper-persistent-data lvm2
-
下载一些安装k8s所需要的基础包,保存在k8s目录下
# Fetch (do not install) the base packages the k8s node needs; these are shipped
# to the offline node under package/k8s.
sudo yum install --downloadonly --downloaddir=/opt/software/kubesphere/package/k8s -y chrony openssl openssl-devel socat epel-release conntrack-tools
-
安装yum工具
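# Install the yum helper RPMs downloaded above. `--downloadonly` does not verify
# anything, so check the signatures before installing (`rpm -K` needs the vendor
# key imported; CentOS ships its own under /etc/pki/rpm-gpg). Every line of the
# -K output must end in "OK" — stop if any says "NOT OK" or "MISSING KEYS".
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
sudo rpm -K /opt/software/package/online/*.rpm
# --force/--nodeps silently bypass dependency and conflict checks; --replacepkgs
# is enough to make the step re-runnable.
sudo rpm -Uvh --replacepkgs /opt/software/package/online/*.rpm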
-
安装时间同步工具:系统时间与服务器时间不一致时,部分 https 链接会因证书有效期校验失败而无法下载
修改 chrony配置文件,设置国内时间服务器
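# Point chrony at domestic NTP servers: comment out or delete the stock
# "server"/"pool" lines in /etc/chrony.conf and add the four below.
sudo vi /etc/chrony.conf
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server time1.cloud.tencent.com iburst
server time2.cloud.tencent.com iburst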
重启chronyd以生效配置,并设置开机启动
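# Apply the new config and enable at boot. The second command needs sudo too —
# without it `enable` fails for a non-root user after the restart succeeded.
sudo systemctl restart chronyd && sudo systemctl enable chronyd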
-
设置时区
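# Both timedatectl calls write system settings; the original lacked sudo on the second.
sudo timedatectl set-ntp true && sudo timedatectl set-timezone Asia/Shanghai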
-
检查是否可用
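# Check that chrony is online; `sources -v` additionally lists which of the
# configured servers are actually reachable and selected.
sudo chronyc activity -v
sudo chronyc sources -v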
-
添加docker源
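# Add the Docker CE repo, then rewrite every download.docker.com reference in the
# repo file (baseurl and gpgkey alike) to the Aliyun mirror.
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo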
更新yum 元信息
sudo yum makecache fast  # refresh metadata so the new docker-ce repo is visible
-
保存docker安装包
# Stage docker-ce and its dependencies (no install) next to the other k8s RPMs.
sudo yum install --downloadonly --downloaddir=/opt/software/kubesphere/package/k8s -y docker-ce
-
安装docker
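# Install everything staged under package/k8s (Docker CE plus the base packages
# downloaded earlier). Verify signatures first: the CentOS key is on disk, the
# Docker key comes from the same mirror URL the repo file's gpgkey points at.
# Every -K line must end in "OK".
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
sudo rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
sudo rpm -K /opt/software/kubesphere/package/k8s/*.rpm
# No --force/--nodeps: all dependencies were downloaded alongside, so rpm can
# check them; --replacepkgs only allows re-running over already-installed versions.
sudo rpm -Uvh --replacepkgs /opt/software/kubesphere/package/k8s/*.rpm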
-
设置开机启动docker
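# Start Docker now and at boot (sudo was missing on the second command).
sudo systemctl restart docker && sudo systemctl enable docker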
-
docker镜像加速配置
此配置可到阿里云容器镜像服务-镜像工具-镜像加速器中获取
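# Docker Hub pull-through mirror. Replace "xxxx" with the accelerator ID from
# your own Aliyun Container Registry console; the placeholder is not a working
# endpoint. The quoted heredoc delimiter keeps the JSON literal.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"]
}
EOF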
重启docker及守护进程
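# Reload unit files and restart the daemon so daemon.json takes effect (sudo on both).
sudo systemctl daemon-reload && sudo systemctl restart docker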
-
拉取并保存registry2镜像仓库文件
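# Pull the registry image on the online host and save it as a tarball for the
# offline node. Create the bundle directory first so `docker save -o` cannot fail
# on a missing path. The tag is pinned; pin a digest as well if the offline copy
# must be tied to one exact build.
mkdir -p /opt/software/kubesphere && cd /opt/software/kubesphere
sudo docker pull registry:2.7.1
sudo docker save -o /opt/software/kubesphere/docker.registry-2.7.1.tar registry:2.7.1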
下载k8s安装包及拉取docker镜像
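# This script is executed later (chmod +x / ./offline-installation-tool.sh).
# `-f` stops curl from saving an HTML error page under that name on a failed
# download; read the script before running it.
curl -fL -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.0/offline-installation-tool.sh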
-
下载镜像清单文件
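curl -fL -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.0/images-list.txt
# The stock images-list.txt is missing a few images; append the following under
# its "##kubesphere-images" section. Versions match KUBERNETES_VERSION v1.21.5
# used below.
kubesphere/pause:3.4.1
kubesphere/kube-apiserver:v1.21.5
kubesphere/kube-proxy:v1.21.5
kubesphere/kube-controller-manager:v1.21.5
kubesphere/kube-scheduler:v1.21.5
kubesphere/k8s-dns-node-cache:1.15.12
kubesphere/kubectl:v1.21.0
coredns/coredns:1.8.0
calico/cni:v3.20.0
calico/kube-controllers:v3.20.0
calico/node:v3.20.0
calico/pod2daemon-flexvol:v3.20.0
openebs/provisioner-localpv:2.10.1
openebs/linux-utils:2.10.0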
下载kubekey
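# get-kk is a remote script: do not pipe it straight into sh. Save it, read it,
# then run it. It produces kubekey-v1.2.0-linux-amd64.tar.gz (unpacked on the
# offline node below).
export KKZONE=cn
curl -sfL -o get-kk.sh https://get-kk.kubesphere.io
less get-kk.sh
VERSION=v1.2.0 sh get-kk.sh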
-
给脚本赋予执行权限
chmod +x /opt/software/kubesphere/offline-installation-tool.sh  # make the helper script runnable
-
下载指定版本的k8s二进制文件
# Both variables stay exported for the rest of the shell session (the image
# save step below also honours KKZONE).
export KKZONE=cn
export KUBERNETES_VERSION="v1.21.5"
./offline-installation-tool.sh -b
-
修改镜像清单文件
# Keep the edited list under a distinct name so it is not confused with the stock file.
mv -- images-list.txt images-list-add.txt
-
下载kubesphere-images 根据images-list.txt配置,调用docker save 保存docker镜像文件
# -s: pull every image in the list and `docker save` it into ./kubesphere-images.
./offline-installation-tool.sh -l images-list-add.txt -d ./kubesphere-images -s
-
下载crictl
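cd /opt/software/kubesphere/kubekey/v1.21.5/amd64
curl -fL -O https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz
# cri-tools publishes a .sha256 next to each tarball; verify before the binary is
# shipped to the offline node. The awk keeps this working whether the file holds
# "digest  filename" or the bare digest.
curl -fL -O https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz.sha256
echo "$(awk '{print $1}' crictl-v1.22.0-linux-amd64.tar.gz.sha256)  crictl-v1.22.0-linux-amd64.tar.gz" | sha256sum -c -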
制作registry文件
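# Directory for the registry CA and server cert. The openssl commands below write
# to /opt/software/kubesphere/docker/certs, so that is the path to create (the
# original created /opt/software/registry/docker/certs, which nothing uses).
mkdir -p /opt/software/kubesphere/docker/certs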
-
生成默认ca
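# Self-signed CA for the private registry. Lock the private key down: whoever
# reads ca.key can mint certificates every cluster node will trust. 36500 days
# means it effectively never expires, so nothing forces rotation — keep the key
# off the cluster nodes once the server cert is signed.
openssl genrsa -out /opt/software/kubesphere/docker/certs/ca.key 2048
chmod 600 /opt/software/kubesphere/docker/certs/ca.key
openssl req -x509 -new -nodes -key /opt/software/kubesphere/docker/certs/ca.key -subj "/CN=ca.kubekey.local" -days 36500 -out /opt/software/kubesphere/docker/certs/ca.crt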
生成证书
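# Server key + CSR for dockerhub.kubekey.local. The original passed `-key ca.key`
# together with `-keyout domain.key`: with -key given, openssl reuses that key
# and never writes domain.key, so the registry ended up serving TLS with the CA
# private key. Generate a dedicated key instead; the registry container must be
# started with REGISTRY_HTTP_TLS_KEY=/certs/domain.key to match.
openssl genrsa -out /opt/software/kubesphere/docker/certs/domain.key 2048
chmod 600 /opt/software/kubesphere/docker/certs/domain.key
openssl req -new -sha256 \
  -key /opt/software/kubesphere/docker/certs/domain.key \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=UnitedStack/OU=Devops/CN=dockerhub.kubekey.local" \
  -reqexts SAN \
  -config <(cat /etc/pki/tls/openssl.cnf \
    <(printf "[SAN]\nsubjectAltName=DNS:dockerhub.kubekey.local")) \
  -out /opt/software/kubesphere/docker/certs/domain.csr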
签名证书
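# Sign the registry CSR with the CA. The SAN has to be given again via -extfile:
# `x509 -req` does not copy extensions from the CSR by default, and Docker
# clients check the SAN, not the CN. 365000 days (~1000 years) again removes any
# expiry-driven rotation. -CAcreateserial writes ca.srl next to ca.crt.
openssl x509 -req -days 365000 \
  -in /opt/software/kubesphere/docker/certs/domain.csr \
  -CA /opt/software/kubesphere/docker/certs/ca.crt \
  -CAkey /opt/software/kubesphere/docker/certs/ca.key -CAcreateserial \
  -extfile <(printf "subjectAltName=DNS:dockerhub.kubekey.local") \
  -out /opt/software/kubesphere/docker/certs/domain.crt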
打包离线部署包
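# Bundle everything for transfer. Record a digest alongside so the offline node
# can detect a corrupted or tampered upload before unpacking it.
cd /opt/software/
zip -q -r kubesphere.zip kubesphere/
sha256sum kubesphere.zip > kubesphere.zip.sha256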
-
-
离线机器部署操作
-
上传打包好的离线部署包
-
解压文件
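mkdir -p /opt/software
# Verify the upload against the digest recorded on the packer host
# (`sha256sum kubesphere.zip > kubesphere.zip.sha256` there) before trusting it.
sha256sum -c kubesphere.zip.sha256
# -d pins the destination; later steps assume /opt/software/kubesphere.
unzip kubesphere.zip -d /opt/software
tar -zxvf /opt/software/kubesphere/kubekey-v1.2.0-linux-amd64.tar.gz -C /opt/software/kubesphere/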
备份文件
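# Working copy under /opt/module. Create the target first: without it `cp -r` of
# the docker directory would create /opt/module/kubesphere *as* that directory
# and the next two copies would land in the wrong place.
mkdir -p /opt/module/kubesphere
cp -r /opt/software/kubesphere/docker /opt/module/kubesphere
cp /opt/software/kubesphere/images-list-add.txt /opt/module/kubesphere
cp /opt/software/kubesphere/offline-installation-tool.sh /opt/module/kubesphere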
私库的证书
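# Trust the private CA for this one registry host only: Docker reads CA certs
# from /etc/docker/certs.d/<host>/. Only ca.crt goes here, never a private key.
mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local
cp /opt/module/kubesphere/docker/certs/ca.crt /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt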
设置hosts
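# Resolve the registry name (must equal the cert's SAN) and the node name to the
# node's own address.
echo '192.168.1.101 dockerhub.kubekey.local' >> /etc/hosts
echo '192.168.1.101 k8s' >> /etc/hosts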
关闭防火墙
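# Disabling firewalld is what this install flow expects, but it also exposes
# every service this node listens on (the registry on 443, the API server,
# etcd, kubelet ...) to anything that can reach 192.168.1.101. Do this only on a
# network segment you control, or put an upstream firewall / explicit rules in
# front of the node afterwards.
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld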
关闭selinux
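# Temporarily (until reboot)
setenforce 0
# Permanently. The upstream Kubernetes docs only require permissive mode;
# "disabled" removes SELinux confinement from every process on the node, not
# just the container runtime — consider SELINUX=permissive instead. On CentOS 7
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config, so the
# two sed calls edit the same file.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config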
关闭swap
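# kubelet refuses to run with swap enabled; turn it off now and comment out every
# fstab line mentioning "swap" so it stays off after reboot.
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab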
允许iptables检查桥接流量
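# Make the bridge netfilter module load at boot ...
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# ... and load it now: until the module is present the bridge-nf-call keys do
# not exist and `sysctl --system` reports them as unknown.
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system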
安装k8s所需要的基础包
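# Install the RPMs staged on the packer host. Check signatures first; the CentOS
# key is on disk. The docker-ce packages are signed with Docker's key, which is
# not on an offline node — ship it in the bundle and `rpm --import` it here too,
# otherwise -K reports MISSING KEYS for those packages. Every line must end "OK".
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
sudo rpm -K /opt/software/kubesphere/package/k8s/*.rpm
# All dependencies were downloaded together, so rpm can resolve them without
# --nodeps; --replacepkgs only makes the step re-runnable.
sudo rpm -Uvh --replacepkgs /opt/software/kubesphere/package/k8s/*.rpm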
安装时间同步工具
#修改 chrony配置文件,设置国内时间服务器
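# Comment out/delete the stock servers and point chrony at the cluster master.
# The name must resolve on this node: /etc/hosts above defines "k8s" (there is
# no "k8s100" entry). On this single combined node that is the node itself;
# additional workers should point at the master the same way.
sudo vi /etc/chrony.conf
server k8s iburst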
重启chronyd以生效配置,并设置开机启动
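# Apply the config and enable at boot (sudo on both halves).
sudo systemctl restart chronyd && sudo systemctl enable chronyd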
-
设置时区
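sudo timedatectl set-ntp true && sudo timedatectl set-timezone Asia/Shanghai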
-
检查是否可用
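# Check chrony is online and which source it actually selected.
sudo chronyc activity -v
sudo chronyc sources -v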
-
上传下载好的docker安装包,并进行安装
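# This node is offline, so the download has to happen on the packer host: fetch
# the static tarball there, record `sha256sum docker-20.10.2.tgz`, copy both over
# and compare (`sha256sum -c docker-20.10.2.tgz.sha256`) before unpacking.
wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.2.tgz
# The tarball unpacks into ./docker (there is no docker-20.10.2 directory, so the
# original `cd docker-20.10.2` always failed).
tar xvf docker-20.10.2.tgz
sudo cp docker/* /usr/bin/
# Do not start dockerd by hand (`sudo dockerd &`): a stray daemon holding the pid
# file makes the systemd unit registered below fail to start. Just confirm the
# binaries are in place; the daemon is started via systemctl.
docker --version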
将docker注册成系统服务
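# Register dockerd as a systemd service (the static tarball ships no unit).
# Quoted heredoc: nothing is expanded, so $MAINPID reaches systemd literally.
sudo tee /usr/lib/systemd/system/docker.service >/dev/null <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF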
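# Tell systemd about the new unit, then manage the daemon through it.
sudo systemctl daemon-reload
sudo systemctl start docker    # or: stop / restart
sudo systemctl enable docker   # or: disable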
离线安装docker-compose
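# Offline node: run this download on the packer host and copy the binary over.
# The compose release page lists a .sha256 per binary — fetch it too and run
# `sha256sum -c` before installing. 1.24.1 is an old v1 release; confirm it is
# the version you actually want to ship. `-f` avoids saving an error page as the
# executable.
curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# The symlink shares the target's mode; a second chmod on it was a no-op.
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version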
开启docker服务
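# Start the daemon through systemd and confirm it is running. The original
# stopped it again right here, which would make the `docker load` below fail.
sudo systemctl start docker
sudo systemctl status docker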
设置开机启动
systemctl enable docker  # start the registry host's daemon at boot
-
导入镜像
# Restore the registry image saved on the packer host.
docker load --input /opt/software/kubesphere/docker.registry-2.7.1.tar
-
启动registry2镜像私库
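# Private registry over TLS. Mount only the two files the daemon needs, read-only:
# the original mounted the whole certs directory (putting ca.key inside the
# container) and pointed REGISTRY_HTTP_TLS_KEY at ca.key itself. domain.key is
# the dedicated server key generated next to domain.csr on the packer host.
# NOTE(review): no REGISTRY_AUTH is configured and firewalld is off, so anyone
# who can reach 192.168.1.101:443 can pull from *and push to* this registry.
# Keep the node on a trusted segment, or add htpasswd auth plus a `docker login`
# on the clients before going further.
docker run -d \
  --restart=always \
  --name registry \
  -v /opt/module/kubesphere/docker/certs/domain.crt:/certs/domain.crt:ro \
  -v /opt/module/kubesphere/docker/certs/domain.key:/certs/domain.key:ro \
  -v /opt/module/kubesphere/docker/registry:/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \
  registry:2.7.1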
推送镜像至私有仓库
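# Load the saved images and push them to the private registry (-r). The push
# goes over TLS to dockerhub.kubekey.local, trusted via certs.d above.
cd /opt/software/kubesphere
chmod +x offline-installation-tool.sh
./offline-installation-tool.sh -l images-list-add.txt -d ./kubesphere-images -r dockerhub.kubekey.local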
到浏览器查看导入镜像的列表(证书由自建 CA 签发,浏览器会提示不受信任;可导入 ca.crt,或在节点上用 `curl --cacert /opt/module/kubesphere/docker/certs/ca.crt` 校验)
https://dockerhub.kubekey.local/v2/_catalog
-
-
部署KubeSphere
-
修改config-sample.yaml文件
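# Edit hosts and roleGroups (Cluster document of config-sample.yaml).
spec:
  hosts:
  # address is the SSH endpoint kk connects to. Per the inventory above the
  # combined master/worker/registry node "k8s" is 192.168.1.101; 192.168.1.100
  # is the online packer host and is not part of the cluster.
  # Authenticate with an SSH key rather than `password: toor`: this file is
  # copied around (see the copy step below) and a plaintext root password in it
  # is a credential leak. Keep the file mode 600 either way.
  - {name: k8s, address: 192.168.1.101, internalAddress: 192.168.1.101, user: root, privateKeyPath: "~/.ssh/id_rsa"}
  roleGroups:
    etcd:
    - k8s
    master:
    - k8s
    worker:
    - k8s
  # Edit the registry section: point kk at the private registry instead of the public mirrors.
  registry:
    privateRegistry: dockerhub.kubekey.local
# Optional — enable the app store (ClusterConfiguration document, under its spec).
  openpitrix:
    store:
      enabled: true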
拷贝文件
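mkdir -p /opt/module/kubesphere
cp /opt/software/kubesphere/kk /opt/module/kubesphere
cp -r /opt/software/kubesphere/kubekey /opt/module/kubesphere
cp /opt/software/kubesphere/config-sample.yaml /opt/module/kubesphere
# The config carries the SSH credential for every host; make it root-readable only.
chmod 600 /opt/module/kubesphere/config-sample.yaml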
执行安装
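cd /opt/module/kubesphere/
chmod +x kk
# KKZONE=cn would steer kk at the public CN mirrors; unset it so the
# privateRegistry from the config is the only image source on this offline node.
unset KKZONE
./kk create cluster -f config-sample.yaml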
-